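<?php
/*
 * Admin form to edit a user's details.
 */
// Check the admin session before anything else runs. This uses require (not
// include) so that a missing or unreadable check file stops the request with
// a fatal error, instead of emitting a warning and rendering the admin form
// without the check.
// NOTE(review): checkadmin.php is not visible here - confirm that it ends the
// request itself (exit/redirect) when the session is not an admin session.
require("../inc_files/utils/checkadmin.php");
//include the page header
include("../inc_files/ui/header.php");?>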
<title>Edit user</title>
<script
	type="text/javascript" src="../scripts/XMLHttpRequest.js"></script>
<script type="text/javascript">
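/**
 * Client-side check of the edit-user form, wired to the form's onsubmit.
 *
 * Clears error highlighting left over from a previous attempt, then checks
 * first name, last name, role and (when one was typed) the new password.
 * Invalid fields get the "tberror" class and all messages are shown in a
 * single alert().
 *
 * This runs in the browser and is a usability aid only: anyone can bypass it
 * by posting directly, so the handler receiving the form has to enforce the
 * same rules itself.
 *
 * @returns {boolean} true when the form may be submitted, false otherwise.
 */
function validateForm(){
	// reset the styles on the form fields to remove
	// any highlighted errors from previous submissions
	var nuf=document.getElementById("newuserform");
	for (var i=0;i<nuf.elements.length;i++)
	  {
		  // Compare, don't assign: a single "=" here marked every control as an
		  // error and then overwrote its class (buttons included) with "tbnormal".
		  if(nuf.elements[i].className == "tberror") nuf.elements[i].className = "tbnormal";
	  }

	//check form validation
	var valid = true;
	var errormessage = "This form is not valid. Please correct the following errors.\n";

	if(document.getElementById('firstname').value.length < 1){
		valid=false;
		document.getElementById('firstname').className = "tberror";
		errormessage += "\nFirst name field empty";
	}
	if(document.getElementById('lastname').value.length < 1){
		valid=false;
		document.getElementById('lastname').className = "tberror";
		errormessage += "\nLast name field empty";
	}
	if(document.getElementById('userrole').value == 'Please select...'){
		valid=false;
		document.getElementById('userrole').className = "tberror";
		errormessage += "\nSelect a user role";
	}

	// Validate the password for length, complexity and a matching confirmation.
	// An empty password skips the length/complexity checks - presumably "leave
	// the password unchanged"; confirm against the submit handler.
	var password = document.getElementById('password').value;
	// Complexity rule: at least 1 upper case letter, 1 lower case letter and
	// 1 digit, 7-32 characters, drawn from a-z A-Z 0-9 !@#$%^&*[]()
	// NOTE(review): the character class below also admits "/" (the sequence
	// "\(/)" is an escaped "(", a literal "/" and a literal ")"), which the
	// message shown to the user does not list. Passwords longer than 32
	// characters fail the pattern and get the "too simple" message. Align both
	// with whatever the server-side check enforces.
	var passwordreg =   /^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])[a-zA-Z0-9!@#$%^&*\]\[\(/)]{7,32}$/;
	if(password.length < 7 && password.length > 0){
		valid=false;
		document.getElementById('password').className = "tberror";
		errormessage += "\nPassword too short";
	} else if(!password.match(passwordreg) && password.length > 0){
		valid=false;
		document.getElementById('password').className = "tberror";
		errormessage += "\nPassword too simple.  Please include at least 1 of each of the following:";
		errormessage += "\ndigit, lower case letter and upper case letter.";
		errormessage += "\nPasswords can only contain characters a-z A-Z 0-9 !@#$%^&*[]()";
	}
	if(password != document.getElementById('confirmpassword').value){
		valid=false;
		document.getElementById('password').className = "tberror";
		document.getElementById('confirmpassword').className = "tberror";
		errormessage += "\nPasswords don't match";
	}

	if(valid == false){
		alert(errormessage);
	}
	return valid;
}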

</script>
</head>
<body>
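	<?php
	//add the navigation to the page
	include("../inc_files/ui/menu.php");

	// Create connection
	include("../inc_files/utils/dbconnection.php");

	// Defaults, so the form further down never reads undefined variables when
	// the statement cannot be prepared or executed.
	$firstName = null;
	$lastName = null;
	$roleID = null;
	$disabled = null;

	// Take the user id from the query string (string values only; an array
	// such as ?userid[]=x is treated as missing).
	// The value reaches the database solely as a bound parameter, so it must
	// not be passed through real_escape_string() as well: that would alter ids
	// containing quotes or backslashes and make the lookup miss. SQL escaping
	// is also not HTML escaping - this value is request-controlled and has to
	// be HTML-encoded wherever it is echoed into the page.
	$userID = (isset($_GET["userid"]) && is_string($_GET["userid"])) ? trim($_GET["userid"]) : '';

	//query for user details
	$query ="SELECT FirstName, LastName, Role, Disabled
			FROM staff WHERE UserID = ?;";
	if($stmt = $mysqli -> prepare($query))	{
		//bind the user id to the query
		$stmt -> bind_param("s", $userID);

		//execute the query
		$result = $stmt -> execute();

		if($result)	{
			//store the results
			$stmt->store_result();

			//bind the results to variables
			$stmt -> bind_result($firstName, $lastName, $roleID, $disabled);

			//actually fetch the row; the variables stay null when no user matches
			$stmt->fetch();
		}

		//close the statement
		$stmt -> close();
	}
	?>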
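	<?php
	// Every value echoed into the markup below is HTML-encoded with
	// htmlspecialchars(..., ENT_QUOTES). The names come from the staff table
	// and $userID is assigned earlier on this page from the "userid"
	// query-string parameter, so any of them may contain quotes or markup that
	// would otherwise break out of the value="" attribute.
	// NOTE(review): no anti-CSRF token is visible in this form; confirm that
	// m_updateuser.php (or an include not visible here) verifies one, since
	// this POST changes another user's role, password and disabled flag.
	?>
	<form id="newuserform" action="m_updateuser.php" method="post"
		onsubmit="return validateForm()">
		<table>
			<tr>
				<td>First name:</td>
				<td><input type="text" id="firstname" name="firstname" size="54"
					value="<?php echo htmlspecialchars((string) $firstName, ENT_QUOTES);?>" class="tbnormal" />
				</td>
			</tr>
			<tr>
				<td>Last name:</td>
				<td><input type="text" id="lastname" name="lastname" size="54"
					value="<?php echo htmlspecialchars((string) $lastName, ENT_QUOTES);?>" class="tbnormal" />
				</td>
			</tr>

			<tr>
				<td>Role:</td>
				<td><select name="userrole" id="userrole">
						<option value="Please select...">Please select...</option>
						<?php 	include("../inc_files/ui/rolesddl.php");?>
				</select>
				</td>
			</tr>
			<tr>
				<td colspan="2"><hr /></td>

			</tr>

			<tr>
				<td>UserID:</td>
				<td><input type="text" name="userid" id="userid" size="54"
					class="tbnormal" style="border: none"
					value="<?php echo htmlspecialchars((string) $userID, ENT_QUOTES);?>" readonly />
				</td>
			</tr>

			<tr>
				<td>Password:</td>
				<td><input type="password" id="password" name="password" size="54"
					class="tbnormal" />
				</td>
			</tr>
			<tr>
				<td>Confirm password:</td>
				<td><input type="password" id="confirmpassword"
					name="confirmpassword" size="54" class="tbnormal" />
				</td>
			</tr>
			<tr>
				<td>Disabled:</td>
				<td><input type="checkbox" id="disabled" name="disabled"
				<?php if($disabled == '1') echo ' checked ';?> />
				</td>
			</tr>
			<tr>
				<td></td>
				<td><input type="submit" value="Submit" /><input type="button"
					value="Cancel" onclick="document.location.href='listusers.php'" />
				</td>
			</tr>
		</table>
	</form>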
	<?php 	include("../inc_files/ui/footer.php");?>
</body>
</html>
